Core Impact

I recently began to use this tool to perform tests on client sites as well as our office network. It is ridiculously simple even though all of the functions can be performed with a little research using the tools provided in BT2.

In terms of the Client Side Rapid Penetration Test, does anyone have a solution for getting Impact to send out your spoofed emails if the SMTP servers that are found in the client MX records turn out to (shockingly) not be relaying email anonymously? I think I may need to set up an SMTP server that I can bring up/take down when I plan to send out the Client Side attacks, but if there is another solution - I am all ears.

And I do realize this is a BT forum and not a Core Impact one. I felt it was applicable to the forum as tools in BT allow for email enumeration/spoofing emails. Offensive Security courses also highlight the use of Core Impact. I hope this last paragraph has successfully deferred any "take it to another forum" comments.

We can't and won't pay the 25,000 dollars a year for an unlimited subscription, so how can we help? For that kind of money you can bet your ass I'd be calling "TECH Support" at any time of the day with my questions.

Yeah for that same $25K I could trade my Big Red h4X0r I7 n0w button for a diamond-studded rhodium one

If you want more support for Core Impact ...
just sign up for Off Sec courses ...

We are happy to present a new special opportunity for new and current "Offensive Security 101" students. We are offering free trial versions of Core Impact and Saint Exploit to those who subscribe to our flagship course "Offensive Security 101" including labs. These demos can be used outside of the lab premises.

Let's say you are on a client site and you want to send emails to a list of addresses you have harvested using a directory you gained access to. Uh oh, the client is doing one thing right - they stopped their SMTP servers from relaying spoofed email. Now you still want to send these emails with your proof of concept payload to their employees to highlight the fact that security awareness training is a need and social engineering issues are all over the place.

How do you send the spoofed emails? Do you set up an SMTP server that you turn on/turn off when you want to send spoofed emails? Is there another way to crack this egg without hosting an SMTP server at the home base you have to VPN to and turn on in order to send the spoofed email?

That would entirely depend on the level of privilege/access you have gained on the victim network. Another factor you have not given us is whether you have physical access to the LAN or if this is all remote.

This was for a pentest that happened a few weeks ago, at the point where I wanted to begin client side attacks through emails to demonstrate their willingness to open and run mean macros hidden using VBA in an Excel document. This part of the test should (and this is key) be able to be performed remotely as it does not require administrative access to send spoofed emails.

A contractual directive of the pentest is to go as far as possible while not changing the settings on the systems; therefore, I did not want to edit their SMTP settings to allow for email relay.

Let's play hypothetics. If I had been off-site and wanted to send the 500+ phishing emails to the employees of my client, I would have had to use an SMTP server I had set up for mail relay. I would just have to take it down once finished so the spammers would not take advantage of it. That seems like the course of action I will take in the future.